Various security management techniques have been proposed to prevent an unauthorized user from accessing or using data managed by a DB server.
For example, there is a DB encryption method assigning a data encryption function to a DB server, providing encrypted data to a user client that requests data, and allowing the data to be used only when a decryption function is installed in the user client.
Examples of the DB encryption method include a plug-in method, where a plug-in agent installed in the DB server operates together with an encryption server; an API method, where the DB server operates together with an encryption server through an API; and a hybrid of the two.
As another example, there is a DB access control method enabling a user client to access a DB server through an access control server.
DB access control methods include an agent method, which applies an agent with access control and logging functions to the DB server itself; a gateway method, which routes every IP connecting to the DB server through a DB security server (proxy server) or places an inline security system between the DB server and the client; and a sniffing method, which analyzes and logs packets on the network path.
However, the above-described conventional methods do not provide an integrated security technique in which the DB encryption method and the DB access control method are organically combined.
In addition, once a user client with a DB server access right has received data, the above-described conventional methods have no control over that data. For example, they cannot prevent an unauthorized user from arbitrarily accessing data (plaintext data or decrypted data) that has been transmitted to a user client having the access right.